status-mobile/doc/decisions/0007-masking-sensitive-data.md
Jakub Sokołowski 1f7fd17ff1
rename status-react to status-mobile
This way the name of the repo makes at least some sense and
matches the `status-desktop` repo naming.

Also updated `status-jenkins-lib` since it also contained
references to `status-react` repo and job names.

Signed-off-by: Jakub Sokołowski <jakub@status.im>
2022-07-17 14:46:16 +02:00


0007. Masking Sensitive Data

Date: 2018-05-22
Tags: e.g: architecture, security

Status

Proposed

Context

We have some data that we don't want to appear in the logs (user passwords are a good example). Currently, they are passed around as strings that could be printed out by mistake in a log entry (see https://github.com/status-im/status-mobile/issues/4053).

Decision

To minimize the risk of leaking passwords through logs, we should not pass passwords as strings in our codebase. We introduced a new type MaskedData in status-im.utils.security. We use (security/mask-data <data to hide>) to wrap sensitive data into this type and then use (security/unmask <masked-data>) to get the plaintext back.

It is important to keep sensitive data masked for as long as possible, until you need the plaintext to pass to the external APIs.

Example:

(println (security/mask-data "my-plaintext-password")) ;; Outputs "******"
(println (security/unmask (security/mask-data "my-plaintext-password"))) ;; Outputs "my-plaintext-password"
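
The following is an added sketch, not the status-im.utils.security source, of how such a wrapper can be built and checked. It assumes plain JVM Clojure; the namespace example.masking, the field name secret, the helper leaks? and the sample login event are all made up for this example.

```clojure
(ns example.masking
  (:require [clojure.string :as str]))

;; Wrapper type. The field name `secret` is an assumption of this example.
(deftype MaskedData [secret]
  Object
  (toString [_] "******"))   ; covers (str x) and string concatenation

;; pr, prn, println and pr-str go through print-method, also for values
;; nested in maps or vectors, so the redaction has to be installed here too.
(defmethod print-method MaskedData [_ ^java.io.Writer w]
  (.write w "******"))

(defn mask-data
  "Wrap `data` so that printing it never shows the plaintext."
  [data]
  (MaskedData. data))

(defn unmask
  "Return the plaintext; values that are not masked pass through unchanged."
  [x]
  (if (instance? MaskedData x)
    (.-secret ^MaskedData x)
    x))

;; Constructed sample: a login event as it might be handed to a logger.
(def login-event
  {:event :login :user "alice" :password (mask-data "correct horse")})

(defn leaks?
  "True if any common way of rendering `v` as text exposes `plaintext`."
  [v plaintext]
  (boolean (some #(str/includes? % plaintext)
                 [(str v) (pr-str v) (with-out-str (println v))])))

;; The masked event can be logged as a whole without exposing the password.
(assert (not (leaks? login-event "correct horse")))
;; The same event with a plain string password is what the ADR guards against.
(assert (leaks? (assoc login-event :password "correct horse") "correct horse"))
;; Plaintext is recovered only at the call site that needs it.
(assert (= "correct horse" (unmask (:password login-event))))
(println "log line:" login-event)
```

The masking only holds while the value stays wrapped: once unmask has returned, the result is an ordinary string again and any later log call can print it.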

Consequences

Tradeoffs:

  • developers need to be aware of this type and keep a clear separation between where we use plaintext and where we use masked data